From 9d11dc00c0313e6c68100dfed7a7104162b7d531 Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Sun, 17 Mar 2024 12:24:48 +0200 Subject: [PATCH] Minor changes to v9 (#1893) * Small wording change * Fix list indent to comply with updated linter * Remove extra newline --- 5.0/en/0x15-V7-Error-Logging.md | 1 - 5.0/en/0x17-V9-Communications.md | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/5.0/en/0x15-V7-Error-Logging.md b/5.0/en/0x15-V7-Error-Logging.md index 9aafccdcc6..17bcabc883 100644 --- a/5.0/en/0x15-V7-Error-Logging.md +++ b/5.0/en/0x15-V7-Error-Logging.md @@ -53,7 +53,6 @@ V7.2 covers OWASP Top 10 2017:A10. As 2017:A10 and this section are not penetrat | **7.2.3** | [MODIFIED, MOVED FROM 7.1.3] Verify that the application logs security relevant events including deserialization failures, input validation failures and incorrect HTTP requests (including requests with an unexpected HTTP verb). | | ✓ | ✓ | 778 | | **7.2.4** | [MODIFIED, MOVED FROM 9.2.5] Verify that backend TLS connection failures are logged. | | | ✓ | 778 | - ## V7.3 Log Protection Logs that can be trivially modified or deleted are useless for investigations and prosecutions. Disclosure of logs can expose inner details about the application or the data it contains. Care must be taken when protecting logs from unauthorized disclosure, modification or deletion. diff --git a/5.0/en/0x17-V9-Communications.md b/5.0/en/0x17-V9-Communications.md index 5b3022fcf3..1bd6147510 100644 --- a/5.0/en/0x17-V9-Communications.md +++ b/5.0/en/0x17-V9-Communications.md
@@ -6,8 +6,8 @@ Ensure that a verified application meets the following high-level requirements: * Require TLS or strong encryption, independent of the sensitivity of the content. * Follow the latest guidance, including: - * Configuration advice - * Preferred algorithms and ciphers + * Configuration advice + * Preferred algorithms and ciphers * Avoid weak or soon-to-be deprecated algorithms and ciphers, except as a last resort. * Disable deprecated or known insecure algorithms and ciphers. @@ -66,4 +66,4 @@ Use secure TLS configuration and up-to-date tools to review the configuration on For more information, see also: * [OWASP – TLS Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html) -* The ideal method for achieving compliance with section 9.4 would be to review guides such as [Mozilla's Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS) or [generate known good configurations](https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known and up-to-date TLS evaluation tools to obtain a desired level of security. +* The ideal way to achieve compliance with section 9.4 would be to review guides such as [Mozilla's Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS) or [generate known good configurations](https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known and up-to-date TLS evaluation tools to obtain a desired level of security.
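Review bot: In the 0x15-V7-Error-Logging.md hunk (@@ -53,7 +53,6 @@), the removed `-` line sits between the last table row (`| **7.2.4** | ...`) and the `## V7.3 Log Protection` heading, and the collapsed diff does not show how many blank lines remain. Please confirm that exactly one blank line still separates the table from the heading after this change: Markdown renderers need that blank line to terminate the table, so deleting the wrong one of two blank lines would be invisible in the linter but would swallow the heading into the table.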
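Review bot: In the first 0x17-V9-Communications.md hunk (@@ -6,8 +6,8 @@), the only difference between the `-` and `+` lines for `* Configuration advice` and `* Preferred algorithms and ciphers` is leading whitespace, which this diff view does not show. Please state in the commit message which indent width the updated linter now expects and check that every other nested list in the file uses the same width, otherwise the lint fix is partial and these two items may no longer render as children of `* Follow the latest guidance, including:`.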
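Review bot: In the second 0x17-V9-Communications.md hunk (@@ -66,4 +66,4 @@), the wording change from "The ideal method for achieving" to "The ideal way to achieve" is fine, but the bullet is still a recommendation sitting inside a "For more information, see also:" reference list, alongside the plain `[OWASP – TLS Cheat Sheet]` link. Since the line is being edited anyway, consider splitting it so the guidance sentence moves up into the body text (next to "Use secure TLS configuration and up-to-date tools to review the configuration") and the list keeps only two bare link entries, one for Mozilla's Server Side TLS and one for the configuration generator; while doing so, verify that both URLs still resolve to current content.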